Guidelines to Protecting Your Files from Ransomware Attacks or Other Data Loss

Ransomware is a type of malware attack that results in the encryption of computer files by malicious users. These attackers there after demand a form of ransom from the computer owners in exchange for the decryption key required to decrypt the encrypted files. When a ransomware attack occurs, paying a ransom to the attackers is not always advisable as this goes a long way in boosting the work done by cybercriminals. There is also no guarantee that the decryption key will be released to the user after the ransom demand has been met. The best approach therefore is for users to make use of backup solutions to recover in cases of data destruction or loss.

Guidelines

All members of the CUNET domain have access to private (P:) and departmental (W:) network drives for the storage of important information as opposed to storing them on the computer’s personal local disk drive. Both the P: and W: network drives are regularly backed-up and are restorable should data be encrypted or lost. Please contact ITSServiceDesk@Cunet.Carleton.Ca for questions or support regarding network drives.

Individuals who are not on the CUNET domain may be able to use departmental network storage solutions where available. When using departmental network storage, it would be advisable to understand how the data is backed-up, and how to request data restoration.

When centralized storage with backup services is not available, data can be backed-up using external media. Where external or portable media is utilised, encryption can protect sensitive or confidential information on the portable media. This is in support of the Data and Information Classification and Protection policy, and the Mobile Technology Security Policy.
Note: ITS Hardware Services Group provides secured USB thumb drives for securely storing backup copies of documents.

When using portable media, disconnect the media once backups have completed; failure to disconnect a portable backup device can leave it vulnerable to malicious software such as ransomware.

The synchronization of data between the user’s computer and the portable media device should be carried out on an interval that is sufficient to safeguard against losing any significant amount of data.

Extra Safeguards include:

Avoid clicking suspicious links and opening spam emails; it is always best to go to a website directly, not via links in emails.

Be cautious of opening email attachments as malicious actors often use compromised accounts to perpetuate their phishing; if you are at all suspicious contact the sender to validate it is a legitimate email and attachment. If opening attachments, be additionally cautious of enabling macros in office documents.

Removal of outdated browser plugins and add-ons can reduce the security exposure posed by plugins and add-ons.

If for any reason you suspect you may be a victim of a ransomware attack, at the instance where you discover it, disconnect your computer form the network immediately and contact ITS.